As long as cloud computing has been a buzzword in the field of technology, cloud security has stood as a major adoption inhibitor for many organizations. After years of worry, the Open Data Center Alliance (ODCA) is telling people that it is okay to embrace the cloud, according to CloudPro.
At an OCDA event Marc Ramselaar stated that accidents attributed to the cloud often are not true cloud issues and that the perception was not the reality in recent high profile issues. Ramselaar believes that what is actually a security issue with mobile phones (or whatever other device is accessing the data in the cloud) is being perceived as something that has been enabled by the cloud. He argues that it’s not the cloud that is insecure, but rather how people are using it.
In my opinion you can’t really separate the two when you’re talking about people using the tool. To argue that it’s not the cloud rather it is the device is akin to arguing that it’s not EVER a computer’s fault for being easy to steal data from… it’s always the users fault because they choose easy to guess passwords. If cloud computing is to be truly secure then it is important to have policies set up that will enhance security and that will mean not letting devices that are not secure have access to data that is meant to be secure.
Their is a tendency to outsource the cloud service (storage, computing, software) and that tendancy could require a greater level of monitoring and control in order to maximize security.
There’s also the concern about who is responsible for securing data. Much cloud technology is a service, but providers often do not want to put themselves on the line for your data. In my mind I’m okay with this to a degree. If the data is accessed by internal breach then the service provider should be held responsible. But if you write an iPhone app that accesses data in the cloud in an unsecured fashion then you’re the one responsible.
Scarily, at the time of this writing, 75 percent of providers (people who sell cloud based services) believe that their services did not adequately protect their customers’ data. In addition, 69 percent thought that securing that data was not their responsibility. This is scary because of the blanket statement made. It basically sounds like these people believe they are never responsible for the data when they are in fact the last line of defense.
The fact of it is that good protection of data in a cloud environment requires protection from both parties, and even though it may not be clear who bears the responsibility, the costs of a security snafu is one that no one wants to bear. If the data is yours then you need to protect it and you need to know that the services you utilize in your own computing systems are designed and built with security in mind.